Westminster IT
https://www.westminsterit.com

Monetary Demands Are Skyrocketing For Ransomware Decryptions
Fri, 05 Jun 2020 15:00:00 +0000

Ransomware attacks have evolved quite a lot over the course of the past year, and have become one of the most visible threats organizations of all sizes face.

That is according to recently published research conducted by Group-IB, which analyzed the rapidly changing threat landscape. Their findings should disturb every business owner.

Here's a quick overview:

First and foremost, ransomware attacks have become much more commonplace. The year 2019 saw a 40 percent increase over 2018, which is a clear indication that hackers around the world are increasingly seeing ransomware strains as their preferred vehicle for attacking organizations.

Second, the average size of the ransom demanded has been steadily increasing, moving from just $6,000 to a staggering $84,000. The focus on large corporations and government agencies is the driving factor behind the dramatic increase.

In terms of tactics, far and away the most common means of gaining an initial foothold on a corporate or government network is RDP (Remote Desktop Protocol). RDP serves as the point of entry for 70 to 80 percent of the attacks.

Aside from this, incident response teams report that exploit kits and spear phishing campaigns were also used regularly, though these were vastly overshadowed by RDP. The teams responding to Group-IB's information requests also noted that more advanced ransomware actors relied on advanced methods that gave them access to more valuable targets.

The methods the hackers used include:

Compromising MSPs (Managed Service Providers)

Exploiting unpatched vulnerabilities in applications

Compromising supply chains

The bottom line is that no one is safe, and the price of a successful breach has increased dramatically. Worse, an increasing percentage of hackers are now demanding not one, but two ransoms from each target they hit: an initial payment to unlock encrypted files, and a second payment to delete their copies of stolen files rather than publishing them for all to see.

The best way to keep your company safe from this particular threat is to minimize your reliance on RDP and to make sure you've got a robust backup plan in place. If you haven't yet taken both steps, the time to do so is now.

Major WiFi Updates Came To Windows 10 Recently
Thu, 04 Jun 2020 15:00:00 +0000

Great news for the legions of Windows 10 users around the world. Version 2004 comes with a significant WiFi update that includes Wi-Fi 6 and WPA3 support, which will give users better wireless performance and increased security.

That's great news, but of course, there's a catch. In order to make use of Wi-Fi 6, you'll need a router with support for both Wi-Fi 6 and WPA3.

Although those do currently exist and are available for sale today, they are new, and therefore a bit on the expensive side. Even so, the new Windows 10 update gives you a compelling reason to upgrade your equipment.

If you recently purchased a new router, it may already support the latest standard. If so, that fact will be indicated either in the router's documentation or on the manufacturer's website.

You can check to see if you're currently connected to a Wi-Fi 6 network by following these steps:

Connect to your network

Select the WiFi network icon on the right side of the taskbar.

Click on "Properties," which you'll find beneath the name of your network.

When the properties screen loads, click the "Properties" tab and look at the information displayed next to "Protocol."

If you're connected to a Wi-Fi 6 network, you'll see "Wi-Fi 6 (802.11ax)" in the Protocol box.

To see if you're connected using WPA3 security, follow these steps:

Once you connect to your WiFi network, click the icon on the right side of the taskbar, then select Properties, located under your network's name.

Once the screen loads, click the "Properties" tab and look at the information displayed next to "Security Type." If it says WPA3, you're all set.

To be sure you're using the latest Windows 10 update, just click your Start button, go to Settings, then Update & Security, and then Windows Update. Once there, you'll see a button labeled "Check for Updates." Click that, and if a new update is available, it will start downloading.

This is great news, and if you're looking for a simple way to boost your performance and productivity, this is it. Kudos to Microsoft for the inclusion.

Hackers Set Their Sights On Cloud Services
Wed, 03 Jun 2020 15:00:00 +0000

Thanks to the pandemic, tens of millions of people are working from home.

Even before then, the Cloud was experiencing a tremendous amount of growth, but since shelter in place orders were issued by many governments around the world, growth has absolutely skyrocketed.

This has drawn the attention of a number of hacking groups, which have taken an increased interest in gaining access to Cloud resources, stealing login credentials and then making off with a wide range of sensitive data.

According to statistics gathered by McAfee, the number of attacks aimed squarely at Cloud services has increased by a whopping 630 percent between January and April of this year.

Broadly speaking, the attacks come in two basic flavors:

First, logins from anomalous locations that haven't previously been used and are not familiar to the organization.

Second, what researchers are calling 'suspicious superhuman' logins, which are defined by multiple login attempts in a short span of time from locations scattered across the globe. For instance, you might see one login attempt made in South America with another, a few seconds later, in Asia, and so on.
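
The "superhuman" login pattern described above can be checked by computing the travel speed implied by consecutive logins from the same account. The following is an added example, not code from McAfee or from the original article; the event fields, the 1,000 km/h ceiling, the 100 km minimum distance and the sample events are all assumptions constructed for illustration.

```python
"""Flag 'superhuman' (impossible-travel) logins in an authentication log.

Added illustration: the event layout, thresholds and sample events below
are assumptions constructed for this example.
"""
import math
from collections import defaultdict
from datetime import datetime

MAX_PLAUSIBLE_KMH = 1000.0  # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0     # assumed floor, ignores geo-IP jitter nearby

# Constructed sample events: (ISO timestamp, user, latitude, longitude, place)
SAMPLE_EVENTS = [
    ("2020-04-02T09:00:00", "alice", 51.5074, -0.1278, "London"),
    ("2020-04-02T09:00:07", "alice", -23.5505, -46.6333, "Sao Paulo"),
    ("2020-04-02T09:00:15", "alice", 35.6762, 139.6503, "Tokyo"),
    ("2020-04-02T08:30:00", "bob", 40.7128, -74.0060, "New York"),
    ("2020-04-02T17:45:00", "bob", 40.7357, -74.1724, "Newark"),
    ("2020-04-01T08:00:00", "carol", 48.8566, 2.3522, "Paris"),
    ("2020-04-02T08:00:00", "carol", 40.7128, -74.0060, "New York"),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    r = 6371.0  # mean Earth radius
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def find_superhuman_logins(events, max_kmh=MAX_PLAUSIBLE_KMH,
                           min_km=MIN_DISTANCE_KM):
    """Return alerts for consecutive logins by one user that imply a
    travel speed above max_kmh."""
    by_user = defaultdict(list)
    for ts, user, lat, lon, place in events:
        by_user[user].append((datetime.fromisoformat(ts), lat, lon, place))

    alerts = []
    for user, logins in sorted(by_user.items()):
        logins.sort(key=lambda e: e[0])  # log records may arrive out of order
        for prev, cur in zip(logins, logins[1:]):
            km = haversine_km(prev[1], prev[2], cur[1], cur[2])
            if km < min_km:
                continue  # same metro area: not evidence of travel
            seconds = (cur[0] - prev[0]).total_seconds()
            # Simultaneous logins far apart need infinite speed.
            kmh = km / (seconds / 3600.0) if seconds > 0 else math.inf
            if kmh > max_kmh:
                alerts.append({"user": user, "from": prev[3], "to": cur[3],
                               "km": round(km), "seconds": int(seconds)})
    return alerts


if __name__ == "__main__":
    for alert in find_superhuman_logins(SAMPLE_EVENTS):
        print(alert)
```

Corporate VPN egress points and inaccurate geo-IP data produce false positives with this heuristic, so alerts of this kind are normally combined with other signals such as device identity or whether a second factor was presented.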

Rajiv Gupta, the Senior Vice President For Cloud Security at McAfee, had this to say about the company's findings:

"The risk of threat actors targeting the cloud far outweighs the risk brought on by changes in employee behavior."

The good news is that there's a relatively simple way for organizations to reduce the risk to near-zero. Simply enable two-factor authentication and the vast majority of these types of attacks will be doomed to fail.

The bottom line is that the risks are increasing and that's not likely to change anytime soon. Stay on your guard and make sure your people are aware. Phishing scams are the most common means of gaining access to login credentials.

Gmail Gets New Quick Menu Setting In Update
Tue, 02 Jun 2020 15:00:00 +0000

Google recently announced a change to Gmail that will make it easier for the service's 2 billion+ users to experiment with different themes, layouts and settings.

Even better, users can see the results of their changes before actually applying them.

To make use of the new feature, all you have to do is click the gear icon on your Gmail screen.

This displays the settings menu, which allows you to select and view different display options, inbox types and interfaces. The changes are shown alongside your current inbox, giving you a simple way to compare and contrast. Just find one you like and once you're happy, apply the change.

The company started rolling out the new "Quick Menu" option for G Suite and consumer users on Tuesday, but if you don't see it at present, give it a few days. With more than two billion users, it's going to take several days for Google to complete the rollout.

Google had this to say about the recent change:

"We're making these options easier to find, and letting you explore them in real time, so your actual inbox will update immediately to show you exactly what the setting will do. We hope this makes it easier to set up Gmail the way that works best for you."

It's a small point, but it's worth mentioning that the new menu option is enabled for all users by default, and there is no admin control option for it.

In any case, it's well worth experimenting with as you may find a layout that allows you to work more efficiently. Honestly, we love the new feature and we think you will too. Give the various options available a try, and kudos to Google for continuing to improve the user experience.

Wishbone App Database Leaked To Public By Hacker
Mon, 01 Jun 2020 15:00:00 +0000

The hacking group calling themselves 'The Shiny Hunters' has been busy.

Recently, they put databases containing user records from eleven different companies up for sale on the Dark Web, including a massive database containing some 40 million records belonging to the popular Wishbone app.

Wishbone is a social media platform that's especially popular among children. It allows users to compare two items by way of a simple poll. The database was initially being offered for 0.85 bitcoin, which is, at the time this article was written, worth approximately $8,000.

Only days after the database was originally offered for sale, it appeared elsewhere on the Dark Web in its entirety, for free. The information it contains includes usernames, email addresses, phone numbers, geo-location data, hashed passwords, and profile data, including links to uploaded user photos. That's bad news indeed for any parent, because again, this app is especially popular among children.

A closer inspection of the records the database contains reveals that the passwords are only weakly protected, hashed with MD5, which can easily be broken using freely available tools, putting every one of the 40 million users identified in the database at risk.

If you're not sure if your child has downloaded Wishbone, it pays to double check immediately. Be sure to change the password on any account you or your children may have associated with the app.

For the company's part, a notice recently went up on the Wishbone website that read: "Protecting data is of the utmost importance. We are investigating this matter and will share any significant developments."

Unfortunately, the most significant development is that some 40 million of the app's users are now at risk. Don't take any chances. If you or your kids use this app, change your password immediately and be on the alert for phishing emails sent to any email address referenced in your Wishbone profile.

New Data Breach Affected Some Bank Of America Loan Applicants
Sat, 30 May 2020 15:00:00 +0000

If you're like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP), which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.

If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.

The breached data included, but was not limited to:

Your business' name and physical address

Designated company contact officials

Your firm's Tax Identification Number

The name of the company owner

The Social Security Number of the company owner, as well as the owner's email address, phone number and citizenship

Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.

Per a company spokesman, "...this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process."

The company's official words on the matter make the issue seem rather insignificant, but there's more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just 'authorized lenders' may have seen the details of your loan application.

The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above or to offer any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.

Microsoft Phasing Out 32Bit Windows 10 Support Starting With OEMs
Fri, 29 May 2020 15:00:00 +0000

Be advised that Microsoft has announced it will begin phasing out support of the 32-bit version of Windows 10, beginning with OEMs.

The change is effective as of the May 2020 release.

Microsoft had this to say about the recent change:

"Beginning with Windows 10, version 2004, all new Windows 10 systems will be required to use 64-bit builds for OEM distribution. This does not impact 32-bit customer systems that are manufactured with earlier versions of Windows 10; Microsoft remains committed to providing feature and security updates on these devices, including continued 32-bit media availability on non-OEM channels to support various upgrade installation scenarios."

The long and the short of this change is that it sounds far worse than it is. The simple truth is that this change is only slated to impact about 0.20 percent of the massive Windows 10 installed base. The vast majority of Windows 10 installations already use the 64-bit version of the OS. Even so, if you are one of the few users relying on the 32-bit version, be aware that this is the first of several steps that will gradually see Microsoft backing away from 32-bit entirely.

Overall, most industry experts agree that this is a good move. With such a tiny user base, systematically eliminating 32-bit support eliminates a broad range of potential issues and development conflicts that could arise as a consequence of supporting both architectures.

Bottom line: It streamlines and simplifies everyone's life, which means that Microsoft, and every company that develops Windows-compatible software, will have one less thing to worry about. Kudos to Microsoft for making the decision, and if you are one of the handful of 32-bit users, just be aware that you're going to need to upgrade sooner, rather than later.

Home Chef Company Data Breach Affected 8 Million Customers
Thu, 28 May 2020 15:00:00 +0000

Are you a Home Chef customer? If so, be advised that the company recently announced a data breach.

It was discovered after the hackers who broke in sold more than 8 million user records on the Dark Web.

The group, calling themselves "The Shiny Hunters," has been busy of late.

They've been selling databases containing records stolen from a total of eleven different companies, with prices ranging from $500 to $2500 per database.

Home Chef was made aware that the database containing their customers' information was available for sale nearly two weeks ago. However, the company waited an inordinate amount of time before coming forward and publicly announcing the breach, a delay which has cost them in the eyes of their customers.

The company's notice on their website reads, in part, as follows:

"Protection of customer data is a top priority for Home Chef and we work hard to safeguard our customers' information. We recently learned of a data security incident impacting select customer information."

The FAQ accompanying the notification goes on to outline the stolen data. It included customer names, email addresses, phone numbers, the last four digits of any credit card numbers on file, encrypted passwords, and a variety of other general profile information.

Home Chef stressed that only the last four digits of a customer's card were accessed, and reiterated that they don't store complete payment information in their databases.

That's all well and good, but the company is finding it hard to convincingly sell the idea that protection of customer data is a top priority. After all, they waited two weeks to inform their customers that their information was for sale on the Dark Web. That is why, despite the fact that this breach is relatively small compared to others we've seen over the past twelve months, the company is taking flak for it.

In any event, if you're a Home Chef customer, be sure to head to their website and see if yours was one of the accounts accessed. Even if it wasn't, the prudent course of action would be to change your password at the very least.

iPhone Update Includes COVID-19 Contact Tracing And Mask Detection
Wed, 27 May 2020 15:00:00 +0000

The latest release of iOS and iPadOS (13.5) is out, and contains the usual variety of bug fixes and modest improvements.

In addition to the usual fare though, it also makes an important change to the way FaceID works for users wearing a mask. Also, it contains an important new COVID-19 Contact Tracing feature.

Some months ago, Apple and Google announced a partnership that saw the two tech giants collaborating on a number of projects related to the pandemic. This new feature is an outgrowth of that partnership. It enables a contact tracing API that health officials can use to build apps designed to help fight the spread of COVID-19.

As to the new feature itself, it provides you with an anonymous way to alert others that you've come in contact with over the last 14 days, should you contract the virus and test positive.

The changes to FaceID will immediately prompt you to enter your PIN if the software fails to recognize your face, as opposed to making you jump through that hoop multiple times before finally displaying the PIN prompt. It's a small change, but a welcome one, especially since wearing a face mask often causes the facial recognition function to fail.

The latest update is available right now. If you don't have it yet, just open up your Settings app, then go to General > Software Update and follow the prompts from there.

Unfortunately, it doesn't appear that we'll be rid of COVID-19 anytime soon, so we'll be seeing more enhancements like these in the weeks and months ahead. With any luck, one of the vaccines currently on the fast track will prove to be successful. In the meanwhile, it is reassuring to know that big tech companies are stepping up and filling the gaps left in what has been a lackluster Federal response to this point. Kudos to both Apple and Google!

New Chrome Feature Stops Ads That Use Excessive Resources
Tue, 26 May 2020 15:00:00 +0000

Recently, Google announced a change that should be a welcome relief to many users, especially those who surf primarily on laptops or handhelds. Beginning in late August, the browser will automatically unload ad iframes that soak up an excessive amount of computing resources.

Advertising is, of course, ubiquitous on the web. There's little you can do to avoid it, so this is an excellent step.

Marshall Vale, Chrome's Product Manager, had this to say about the coming change:

"In order to save our users' batteries and data plans, and provide them with a good experience on the web, Chrome will limit the resources a display ad can use before the user interacts with the ad. When an ad reaches its limit, the ad's frame will navigate to an error page, informing the user that the ad has used too many resources.

If users click the Details link, they will see a short message explaining why the ad was unloaded and saying that 'This ad uses too many resources for your device, so Chrome removed it.'"

In terms of the criteria Google will use to make the determination, it is as follows:

Uses more than 4 megabytes of network bandwidth

Uses the main thread for more than 15 seconds in any 30-second window

Uses the main thread for more than 60 seconds in total

Vale went on to explain that only about 0.3 percent of ads displayed on the web exceed these thresholds, but that they are responsible for a staggering 26 percent of all network data and 28 percent of all CPU resources used by online advertising.

If you are a business owner, the best way to ensure that your ads don't inadvertently exceed these thresholds is to make sure that any images you use are compressed. Also, don't try to display excessively large video files in the ads you're deploying.

On balance, this is a good move, although it is certain to cause some amount of grumbling on the part of the web's advertisers. In any case, kudos to Google for continuing to try to improve the overall user experience.